
DNS Activity Report

The DNS Activity Report provides comprehensive DNS and traffic data about your networks over a specific time period. To view the DNS Activity Report, navigate to the Reports section in the Infoblox Portal (Monitor > Reports > DNS Activity). The default DNS report displays a bar chart showing the distribution of malicious hits for Source, Devices, and Users throughout your networks over the most recent one-hour time span. The default report also lists detailed information about the detected events in the Events table at the bottom of the report.

NOTE: Hover over the information icon on any of the report tabs to learn what data is displayed within the report.

Search Tool

The Search Tool is located above the Requests chart on the top, left-hand side of the page. The search data is pulled directly from the server. To use the search tool, paste or type your search terms into the search field. Alternatively, click in the search field and type the first few letters of your search query to display an option menu listing popular search terms. A power search feature utilizing a new, powerful search query language is also supported.

Performing Search Queries

Using the search query language, you can search all records with customized queries. By clicking the information icon located next to the search box, the Query Syntax resource window will appear. You can view sample search queries using the new search query syntax as provided in the tool-tip. Using the sample queries provided, you can construct your own queries to better assist in your searches. Refer to the specific sub-report to view the specific search queries applicable for that report.

DNS Reports by Type

At the top action bar, you can view DNS activity by type. DNS activity by type includes the total number of reported DNS hits to your infrastructure as included in the Source, Devices, and Users reports. When filtering by source, the filter drop-down is limited to showing 10 sources. You can also get specific data associated with any one of these DNS activity report types by clicking on its respective link. When you click a link, the corresponding overlay chart for the specific type of DNS report is displayed. For example, when you click DNS, a chart depicting each DNS event will be displayed, providing you with insight into the detected DNS events. This information can help you identify the top DNS events within your networks so you can take appropriate corrective actions. Note that the total number for these fields stays the same regardless of the filtering criteria you have configured for the report.

Time and Date Filtering

Clicking Show, located to the right-hand side of the page below the top Action bar, allows filtering of records by both time and date. The time period displayed can be modified from 1 hour to 1 month. Optionally, by selecting Custom and choosing From and To values, a custom time period can be chosen. You can select a different time frame from the Show drop-down menu. Show options include the following: 

  • 1 hour 
  • 24 hours (default)
  • 48 hours
  • 7 days
  • 1 month
  • Custom (limited to 31 days of data)  

When Custom is selected, the following date/time filters appear, allowing further customization of the respective date and time:

  • From: When selected, a time dial and calendar appear where a time and date can be selected for the start time/date.
  • To: When selected, a time dial and calendar appear where a time and date can be selected for the end time/date.

Records Refresh

Clicking the view on Dossier icon, located to the left of the time/date filtering tool, allows you to refresh the records on the page without refreshing and reloading the entire page and losing your in-place filters.

Charts

The charts display all data collected for a specific DNS activity event type. Information in the chart will reflect the type of DNS activity selected, along with the number of threats detected during the span of time indicated in the chart. Each green-colored bar on a Requests chart indicates a specific time interval within the chosen time span displayed. By rolling over each bar, the number of events, the time interval, and the date of the bar are displayed in a tool-tip window. 

Table

The table, located below the chart, displays data collected for the selected DNS activity event type. The default layout is automatically loaded for viewing; however, the table can be customized by adding additional types of report information. To add additional information to a table, click the expandable menu icon, then select the additional information types to display from those listed in the option window. By default, events are displayed in chronological order based on information contained within the Detected column. Each of the columns can be sorted or reverse-sorted by clicking on the header label for the column.

The total number of table records is displayed in the bottom-left corner of the table. For instance, if there are 57 records available when unfiltered, then the table will display the following: Showing 57 of 57. If only 48 records are available after applying filters, then the table will display the following: Showing 48 of 57. The maximum number of records the UI can display is 10,000. The number of pages of records is listed in the bottom-right corner of the table. You can click on a page link to view the records for that page.

Records Export

Click Export to export report data in CSV format. Based on report type, the maximum number of records available for export varies. Refer to the table below to view the maximum number of records available for export based on report type.

Report Type     Maximum Number of Records Available for Export
DNS Hits        50,000
DNS Source      10,000
DNS Devices     10,000
DNS Users       10,000

DNS Activity Historical Data Reports

DNS Activity Historical Data reporting offers the capability to access data that goes back beyond the usual 30-day limit. To access historical data, you can create custom historical data reports by configuring queries and filters according to your organization's specific requirements. These customized reports allow you to obtain the precise historical data you need. It's important to note that saved historical data reports will be retained for a maximum of 30 days, after which they will be automatically deleted from the system.

To navigate to DNS Activity Historical Data reporting, on the DNS Activity page, click Historical Data Viewer located in the top, right-hand corner of the DNS Activity Report page.  

For information on creating and running a historical data report, and viewing the report data, see DNS Activity Historical Data Report.

DNS Activity Report Descriptions

The following DNS activity report tab descriptions provide more details specific to each report type: